From dcff4c92cdf395db0d6cd970f8cc9d28278268dc Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Mon, 3 Dec 2018 14:00:58 +0200
Subject: [PATCH] Add comment for reasoning for changing default

Add a comment in the `adjust-config.sh` script, for effects and benefits of the new value.
---
 features/mbedtls/importer/adjust-config.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh
index c1e7eb3855..347ca5c155 100755
--- a/features/mbedtls/importer/adjust-config.sh
+++ b/features/mbedtls/importer/adjust-config.sh
@@ -140,6 +140,10 @@ conf unset MBEDTLS_SSL_TRUNCATED_HMAC
 conf unset MBEDTLS_PLATFORM_TIME_TYPE_MACRO
+# The default size of MBEDTLS_MPI_MAX_SIZE is 1024 bytes.
+# In some cases, this value is set to stack buffers.
+# Reduce the maximal MBEDTLS_MPI_MAX_SIZE to 512 bytes,
+# which should fit RSA 4096 bit keys.
 conf set MBEDTLS_MPI_MAX_SIZE 512
 # The following configurations are a needed for Mbed Crypto submodule.
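Review bot: The comment added above `conf set MBEDTLS_MPI_MAX_SIZE 512` explains the benefit of the smaller value but not the limit it imposes. 512 bytes is exactly 4096 bits, so there is no headroom, and because the macro bounds the size of MPIs the library will work with, the cap presumably also covers DHM primes and RSA keys supplied by a peer, not only locally generated keys. A build that later has to verify a certificate chain containing a larger key would fail at that step, which is worth stating where the value is set. I would reword "this value is set to stack buffers" to `# Several functions size stack buffers with this macro, so halving it reduces stack usage.` and add `# Operations on integers larger than 4096 bits (RSA or DHM) will fail; raise this value if such keys must be supported.`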